[Animats]

Until there's a solid third party teardown, you just don't know. Look how many backdoors in major products have been discovered in recent years. Juniper Networks.[1] Cisco.[2] Dell.[3] ZTE.[4].

[1] https://arstechnica.com/information-technology/2016/01/junip... [2] https://www.bleepingcomputer.com/news/security/cisco-removes... [3] https://www.theregister.co.uk/2015/11/25/dsdtestprovider/ [4] https://thehackernews.com/2016/11/hacking-android-smartphone...

[tptacek]

Why would you trust a Yubikey, then?

To my snarky interlocutor: congratulations, you pried the plastic off a Yubikey and found a pair of NXP MCUs. Now what? Can you even get the data sheets for those things without signing an NDA?

[tptacek]

You've gotten quiet, but are posting on other threads (apologies, but you're someone whose comments I follow here on HN). I'm genuinely curious to hear out the logic you brought to this comment about Google backdooring U2F tokens, and also about what security hardware you do trust.

[tedunangst]

But you apparently trust the computer you'd be plugging this key into?